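1. TLS protocol issue:
Anyone who has worked on banking systems knows the situation: the JDK has already reached release 13, yet the systems banks run are still on JDK 7. When calling the many interfaces involved, you hit a thorny problem: the default TLS protocol version in JDK 7 is 1.0. To work around it, our code has to specify the TLSv1.2 protocol explicitly. There are two ways to do this.
(1) Solve it in code.
It depends on the following three jars: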
<dependencies>
    <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpcore</artifactId>
        <version>4.4.10</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient -->
    <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpclient</artifactId>
        <version>4.5.6</version>
    </dependency>
</dependencies>
Code:
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import javax.net.ssl.SSLContext;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;

// Wrapper class so the method compiles on its own; the class name is illustrative.
public class TlsRequestFactoryConfig {

    public static HttpComponentsClientHttpRequestFactory requestFactoryNoProxy()
            throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        // Trust all certificates: this strategy accepts any server certificate chain,
        // so the connection is encrypted but the server's identity is not verified.
        TrustStrategy trustStrategy = new TrustStrategy() {
            @Override
            public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
                return true;
            }
        };
        // The JSSE protocol name is "TLSv1.2"; "TLS1.2" is not a valid name and
        // fails with NoSuchAlgorithmException when the context is built.
        SSLContext sslContext = SSLContexts.custom()
                .setProtocol("TLSv1.2")
                .loadTrustMaterial(null, trustStrategy)
                .build();
        SSLConnectionSocketFactory ssf = new SSLConnectionSocketFactory(sslContext);
        // If you use a proxy, set it on this same builder so the TLS settings are kept
        // (needs import org.apache.http.HttpHost):
        // HttpClients.custom().setSSLSocketFactory(ssf).setProxy(new HttpHost("localhost", 8080)).build();
        CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(ssf).build();
        // Hand the configured client straight to the factory instead of building a
        // throwaway default client and replacing it afterwards.
        return new HttpComponentsClientHttpRequestFactory(httpClient);
    }
}
(2) The simplest option: switch to JDK 8, because the default TLS protocol version in JDK 8 is already 1.2.
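A stricter variant of the method from solution (1), added here as an example and not part of the original post: it leaves certificate and hostname validation switched on and offers only TLSv1.2 in the handshake. The class name, the method name and the optional trust-store parameters are assumptions made for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;

// Added example; class, method and parameter names are assumptions.
public class StrictTls12RequestFactory {

    /**
     * @param trustStore key store file holding the CA certificates to trust (for
     *                   example an internal CA), or null to use the JVM default trust store
     * @param password   trust store password, ignored when trustStore is null
     */
    public static HttpComponentsClientHttpRequestFactory requestFactoryVerified(
            File trustStore, char[] password) throws GeneralSecurityException, IOException {
        SSLContextBuilder builder = SSLContexts.custom().setProtocol("TLSv1.2");
        if (trustStore != null) {
            // No TrustStrategy is supplied, so normal chain validation applies
            // against the certificates in this file.
            builder.loadTrustMaterial(trustStore, password);
        }
        // With no trust material loaded, build() uses the JVM default trust managers.
        SSLContext sslContext = builder.build();

        SSLConnectionSocketFactory ssf = new SSLConnectionSocketFactory(
                sslContext,
                new String[] {"TLSv1.2"},  // enabled protocols: TLS 1.0/1.1 are never offered
                null,                       // null keeps the JVM's default cipher suites
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());

        CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(ssf).build();
        return new HttpComponentsClientHttpRequestFactory(httpClient);
    }
}
```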